Recent Articles

“Hacking and Penetration Testing with Low Power Devices” by Philip Polstra is an excellent read. The author bases this book on his experiences in both hardware, software and penetration testing and combines the various disciplines to both educate and enlighten the reader. Ultimately, the subject matter revolves around using the BeagleBone Black and a customized ARM penetration testing Linux distro, which Polstra’s dubbed ‘The Deck,’ to perform various types of hacking activities. It’s described as, “A practical guide to performing penetration tests from a distance with low-cost, battery-powered devices.” Oh yeah… just what the doctor ordered.

Let me open by saying that this book struck my “techie geek” nerve. Years and years ago, not too long after I became a computer guy, but far before becoming a professional penetration tester, I managed a Radio Shack store (sad to see they’re going away). I guess you could say I was a maker before it was called that. This book, while discussing pentesting, code, automation and stealth, offers the reader a great experience as he brings them into a world of hardware manipulation, discussions of power consumption, radio communication, and other really cool topics. It truly embraces the mindset of the hacker in a cross-disciplinary way and acts like a perfect bridge for those currently in the computer hacking arena into the exciting wider world of the maker movement. I’m excited to share this experience with you, so let’s get to it.

After a long love affair with Ruby, I was excited to get back into more Python in the new year. One of my main goals was to build additional skills with Python, and continue to build up skills in defense and response. When “Python Forensics: A workbench for inventing and sharing digital forensic technology“ by Chet Hosmer came out, I was excited about all of the possibilities. There are a number of books about using Python for attacking, but a strong book on building forensics tools is a nice change of pace.

Python Forensics target audience is “anyone who has a desire to learn how to leverage the Python language to forensic and digital investigation problems.” Hosmer hits the target audience well by both having introductory sections that go over some Python basics as well as a number of cookbook-style chapters that have programs to perform a number of different forensic functions. Let’s take a closer look at this Syngress Publishing title.

We Have a Winner of SANS vLive!!

The year is at an end, the mercury is dropping quickly and yet we have reason to celebrate. EH-Net member SephStorm has earned this great prize and thus will have a head start into the 2015 of his dreams. He has won one free 2015 vLive course from SANS Institute, the most trusted source for information security training, certification and research. vLive courses meet live online twice each week for six weeks and include six months on online archive access. Each vLive course is taught by a top SANS instructor in an interactive online classroom, includes all of SANS’ standard course materials, and never requires travel.

Didn’t win this time? No worries. EH-Netters still get$150 OFF Any SANS Course in Any Formatwith Coupon Code: SANS_EHN150

Congratulations and many thanks for your continued contributions to EH-Net and the wider security community. The winner was chosen from the group of those most prolific in the EH-Net Community Forums. This month’s giveaway was worth $4615 – $5350, so well done! We’ll do it again soon.

“Georgia, Georgia…” The tune “Georgia on My Mind” was spinning through my head when I was given the chance to review “Penetration Testing: A Hands-On Introduction to Hacking,” a book by Georgia Weidman from No Starch Press. Having watched some of her conference presentations online and knowing the work she’s put into the Smartphone Pentest Framework (SPF), I’ve been looking forward to the opportunity to dive into the book for a while now, and her enthusiasm and efforts made it a worthwhile wait. Amazon’s book description includes the following:

“In Penetration Testing, security expert, researcher, and trainer Georgia Weidman introduces you to the core skills and techniques that every pentester needs. Using a virtual machine-based lab that includes Kali Linux and vulnerable operating systems, you’ll run through a series of practical lessons with tools like Wireshark, Nmap, and Burp Suite. As you follow along with the labs and launch attacks, you’ll experience the key stages of an actual assessment – including information gathering, finding exploitable vulnerabilities, gaining access to systems, post exploitation, and more.”

So with the new year upon us, this gives everyone the opportunity to dive into a topic whether it be for advancing your current career, jumping into a new one or simply to amaze your friends and families. Hacking news both good and bad are everywhere these days. It’s time for you to get into the game. Find out how Ms. Weidman can help.

Dark Side Ops: Custom Penetration Testing enables participants to “break through” to the next level by removing their dependence on 3rd-party penetration testing tools, allowing for outside-the-box thinking and custom tool development designed specifically for the target environment.

Dark Side Ops (DSO) is a course on targeted attacks, evasion, and advanced post exploitation… with a twist. The thesis of DSO is this: if you want to credibly simulate a real world attacker, you need advanced capability. You can’t do this with unmodified open source tools. This course teaches students how to build and modify advanced capabilities. Let’s take a closer look.

Win SANS vLive Course of Your Choice in 2015!!

Leaves are falling and thoughts of a polar vortex swirl in our minds as if it were yesterday. But forever being the optimist allows us to see this as an opportunity. Colder weather means more indoor time to focus on filling up those gaps in our knowledge. Each of us has different gaps, but we all have them. So we’ve come up with a single prize that can address anyone’s needs all in one shot and give you a head start into the 2015 of your dreams. Up for grabs this month is one free 2015 vLive course from SANS Institute, the most trusted source for information security training, certification and research. vLive courses meet live online twice each week for six weeks and include six months on online archive access. Each vLive course is taught by a top SANS instructor in an interactive online classroom, includes all of SANS’ standard course materials, and never requires travel.

Interested in other SANS training? As always, we’ve got you covered.
EH-Netters get $150 OFF Any SANS Course in Any Format with Coupon Code: SANS_EHN150

Alright EH-Netters… you know the drill. Contribute and you can win. It’s that simple. The winner will be chosen from the group of those most prolific in their helping of newbies in the EH-Net Community Forums, submit articles and reviews, spread the word on social networks blah blah blah. This month’s giveaway is worth $4615 – $5350, so get to it! We’ll announce the winner in mid December, so there’s plenty of time to impress the judges.

As books go, I’m a lifelong reader, so when offered the chance to do more ‘regular’ reviews for The Ethical Hacker Network (EH-Net), I jumped at the opportunity. The past few weeks, I’ve been buried in a GREAT read. Applied Network Security Monitoring: Collection, Detection, and Analysis by Chris Sanders and Jason Smith is an extremely informative dive into the realm of network security data collection and analysis. Fitting for both the offensive and defensive sides of security, the book looks closely at the various concepts, practices and tools that combine to create functional and cost-effective Network Security Monitoring (NSM) solutions for IT environments of all shapes and sizes. For the offensive-security minded, it gives an insight into the tools and techniques used to monitor the network, and allows one to consider how best to circumvent those methods. For the defensive-security minded, the authors do a fantastic job of equipping the reader with not only methodologies but also with tools and realistic examples.

Bear with me on this review, as this book at 496 pages is a long one, but in my opinion, an excellent resource. I’ll do my best to give a thorough overview of the material while keeping things as concise as possible. Hopefully, you’ll see that it’s a worthwhile read in giving a running start into the world of NSM.

We Have a Winner!!

It’s back to school time. That doesn’t just mean for the kids. Everyone can take this opportunity to feel refreshed, to take your career by the horns and ride it to prosperity. Break open that brand new notebook, sharpen your pencils and let’s get to work! With this month’s prize, you can not only learn a huge number of topics, but you can have unlimited access to this learning for an entire year! Our friends at CareerAcademy.com have a proven track record of providing top notch IT certification training. Their InfoSec and IT Certification Subscription includes unlimited access to their entire instructor led, OnDemand InfoSec and IT training catalog. The catalog comprises 45+ training courses, including EC-Council Endorsed CEH, CHFI, ECSA/LPT, ENSA, Cisco Authorized CCENT, CCNA, CCNP, Microsoft MCSA, MCSE, CompTIA A+, Network+, Security+, ISACA CISA, CISM, ISC2 CISSP and VMware training courses. Make yourself stand out in your office! Begin your certification training today!

Our deserving EH-Netter this time around is hayabusa. Enjoy the multitude of courses now at your fingertips for a full year!! Keep us posted on your progress and feel free to submit a review article of the courses or an opinion piece on advancing your career through online learning. Either way, congratulations!

Career Academy is also offering a limited time special pricing of only $99 for the InfoSec and IT Certification Training All Access Subscription. Sign up now to get instant access!Get more details and access to free instant demo videos after the break.

Upcoming Industry Events

CarolinaCon 11 The Last CarolinaCon As We Know It More info coming soon. CarolinaCon is an annual conference in North Carolina that is dedicated to sharing knowledge about technology, security and information rights. CarolinaCon also[...]

InfoSec World 2015 The MISTI team is excited to bring you a lineup of conference sessions, workshops and summits that address the most pressing matters in information security today. With a selection of our top-rated[...]

RSA Conference 2015 – USA Same time, same place, same humongous crowds! RSA Conference 2015 is not specifically focused on hacking, pentesting and the like, but it is the largest general information security event and[...]

THOTCON 0x6 THOTCON (pronounced \ˈthȯt\ and taken from THree – One – Two) is a small venue hacking conference based in Chicago IL, USA. This is a non-profit, non-commercial event looking to provide the best[...]

BSides Chicago 2015 Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and[...]

CEIC 2015 It’s no exaggeration to say that CEIC (Computer and Enterprise Investigations Conference) is the biggest digital-investigations conference of its kind and the only one to offer hands-on lab sessions and training for practical skills[...]

OWASP AppSecEU 2015 The BeNeLux chapters will host the OWASP AppSec Europe Research 2015 global conference in Amsterdam, The Netherlands from May 19-22. Amsterdam is the capital of the Netherlands and the largest city of[...]

ShowMeCon 2015 St. Louis’ Hacking & Cyber Security Con ShowMeCon. The name says it all. Known as the Show Me State, Missouri is home to St. Louis-based ethical hacking firm, Parameter Security, and security training[...]